/**
 *Copyright [2010] [lcj(caijunlu@gmail.com)]
 *Licensed under the Apache License, Version 2.0 (the "License");
 *you may not use this file except in compliance with the License. 
 *You may obtain a copy of the License at 
 *             http://www.apache.org/licenses/LICENSE-2.0 
 *Unless required by applicable law or agreed to in writing, 
 *software distributed under the License is distributed on an "AS IS" BASIS, 
 *WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, 
 *either express or implied. See the License for the specific language governing permissions and limitations under the License
 */
package org.independent.servlet.session.manager;

import javax.servlet.http.HttpServletRequest;

import org.independent.servlet.session.ServletSession;
import org.independent.servlet.session.exception.ServletSessionException;
import org.independent.servlet.session.service.ContextHolderFactory;

public class SessionIdSecurity implements SessionSecurity {

	/**
	 * (non-Javadoc)
	 * @see org.independent.servlet.session.manager.SessionSecurity#checkSessionByRequest(javax.servlet.http.HttpServletRequest, org.independent.servlet.session.ServletSession)
	 * @param request the request be check
	 * @param session the session for the request 
	 * 
	 */
	public void checkSessionByRequest(HttpServletRequest request,ServletSession session) {
		if (session == null)
			throw new ServletSessionException("the session can't is null!");
		;
		if (!ContextHolderFactory
				.getServiceContextHolder()
				.getContext()
				.getSessionMark()
				.equalsIgnoreCase(
						(String) session.getAttribute(IP_SECURITY_MARK))) {
			throw new ServletSessionException(
					"the request ip can't pass verification!");
		}
	}
}
